Hello, everybody. Greetings from the Netherlands and welcome to this presentation called “A Contemporary Investigation on NTFS File Fragmentation”. In the next 20 minutes, I will tell you all about the research and our paper, which has the same title … Read more
NTFS
ForGe – Computer Forensic Test Image Generator
Introduction
Creating test material for computer forensic teaching or tool testing purposes has been a known problem. I encountered the issue in my studies of Computer Forensics at the University of Westminster. We were assigned a task to compare computer … Read more
Interpretation of NTFS Timestamps
Introduction
File and directory timestamps are one of the resources forensic analysts use for determining when something happened, or in what particular order a sequence of events took place. As these timestamps usually are stored in some internal format, additional … Read more
Shrinking the gap: carving NTFS-compressed files
First published October 2009
Recovering deleted NTFS-compressed files
By Joachim Metz
Hoffmann Investigations
www.hoffmannbv.nl
1.0 Joachim Metz September 2, 2009 Initial version.
An important part of digital forensic investigation is the recovery of data, particulary files. The recovery of
Simple Steganography on NTFS when using the NSRL
First published October 2009
Adam Hurwitz
[email protected]
Business Intelligence Associates, Inc.
39 Broadway, NYC, NY 10006
NTFS is structured so that there can be a physical separation of the data that comprises a file and the properties or metadata
Dissecting NTFS Hidden Streams
First published July 2006
by Chetan Gupta
NII Consulting, Mumbai
www.niiconsulting.com
Analysis of hidden data in the NTFS file system
First published January 2006
Cheong Kai Wee
Edith Cowan University
[email protected]
Abstract
Criminals with sensitive information such as crime records tend to hide/encrypt this information so that even if their computers are collected by police department, there is no evidence … Read more